It has become the bane of many office workers’ existences: being forced to use complicated and difficult-to-remember passwords laden with random numbers and symbols.
But the man who originally came up with the rules on safe passwords has admitted that his guidance was totally wrong, 14 years after it was first published.
Bill Burr wrote what has become the “bible” on password security in 2003 while working for the US government. It advised using capital letters, numbers and non-alphabetic symbols in passwords, in the belief that they would be more difficult to guess.
His work is now responsible for offices and websites forcing people to adopt tortuous phrases such as “P@55w0rd” or “Football123” to satisfy password forms, as well as IT departments demanding that workers create a new one every 90 days.
But instead of improving security, the combinations actually made computer systems less secure, since users would end up using the same password repeatedly, or writing them down on post-it notes attached to screens.
Nor did the introduction of numbers and symbols make passwords less vulnerable to “brute force” cyber attacks in which a computer cycles through every possible combination of characters to guess a password.
“Much of what I did I now regret,” Mr Burr, who is now retired, told the ‘Wall Street Journal’. “In the end, it was probably too complicated for a lot of folks to understand, and the truth is, it was barking up the wrong tree.”
He added that the advice to regularly change passwords was mistaken, since most people end up altering one character, such as changing from “username1” to “username2”, which does little to stop hackers. In 2015, GCHQ advised companies to stop resetting passwords.
The original password guidelines from America’s National Institute for Science and Technology, written by Mr Burr, have been updated to do away with the old rules.
They now advise that people use long but easy-to-remember “passphrases”: sequences of words that do not need to feature special characters or numbers. Using “horsecarrotsaddlestable” would take one trillion years for a “botnet” cyber attack to crack, compared to one minute for “P@55w0rd”.
Article Source: http://tinyurl.com/kbwqb42